diff --git a/packages/by-name/microsoft/cloud-hypervisor/0001-snp-fix-panic-when-rejecting-extended-guest-report.patch b/packages/by-name/microsoft/cloud-hypervisor/0001-snp-fix-panic-when-rejecting-extended-guest-report.patch
deleted file mode 100644
index 4452767262..0000000000
--- a/packages/by-name/microsoft/cloud-hypervisor/0001-snp-fix-panic-when-rejecting-extended-guest-report.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From b8bda1e691c08c18a6178eb5d603789b07176cdf Mon Sep 17 00:00:00 2001
-From: Tom Dohrmann
-Date: Wed, 14 Aug 2024 16:02:39 +0200
-Subject: [PATCH 1/2] snp: fix panic when rejecting extended guest report
-
-swei2_rw_gpa_arg.data is an array of size 16 and value.to_le_bytes() is
-only 8 bytes.
----
- hypervisor/src/mshv/mod.rs | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
-index f60d8ceb..b8fccf31 100644
---- a/hypervisor/src/mshv/mod.rs
-+++ b/hypervisor/src/mshv/mod.rs
-@@ -962,7 +962,8 @@ impl cpu::Vcpu for MshvVcpu {
- byte_count: std::mem::size_of::() as u32,
- ..Default::default()
- };
-- swei2_rw_gpa_arg.data.copy_from_slice(&value.to_le_bytes());
-+ swei2_rw_gpa_arg.data[0..8]
-+ .copy_from_slice(&value.to_le_bytes());
- self.fd
- .gpa_write(&mut swei2_rw_gpa_arg)
- .map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
---
-2.45.2
-
diff --git a/packages/by-name/microsoft/cloud-hypervisor/0002-hypervisor-mshv-implement-extended-guest-requests-wi.patch b/packages/by-name/microsoft/cloud-hypervisor/0002-hypervisor-mshv-implement-extended-guest-requests-wi.patch
deleted file mode 100644
index d6129dd16e..0000000000
--- a/packages/by-name/microsoft/cloud-hypervisor/0002-hypervisor-mshv-implement-extended-guest-requests-wi.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From bab58d1e2e7a3758920bcff0bf330a5ce64a0b79 Mon Sep 17 00:00:00 2001
-From: Tom Dohrmann
-Date: Mon, 26 Aug 2024 11:14:34 +0200
-Subject: [PATCH 2/2] hypervisor: mshv: implement extended guest requests with
- empty certs
-
-Previously we didn't handle extended guest requests at all and always
-returned an error. This lead to issues with some guests that expected
-extended requests to succeed. Instead, handle extended requests like
-normal requests and write zeros to the extended area to signal to the
-guest that we don't want to supply any additional certificate data.
-
-Signed-off-by: Tom Dohrmann
----
- hypervisor/src/mshv/mod.rs | 75 +++++++++++++++++++++-------
- hypervisor/src/mshv/snp_constants.rs | 1 +
- 2 files changed, 57 insertions(+), 19 deletions(-)
-
-diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
-index b8fccf31..998570be 100644
---- a/hypervisor/src/mshv/mod.rs
-+++ b/hypervisor/src/mshv/mod.rs
-@@ -950,24 +950,6 @@ impl cpu::Vcpu for MshvVcpu {
- }
- }
- }
-- SVM_EXITCODE_SNP_EXTENDED_GUEST_REQUEST => {
-- warn!("Fetching extended guest request is not supported");
-- // Extended guest request is not supported by the Hypervisor
-- // Returning the error to the guest
-- // 0x6 means `The NAE event was not valid`
-- // Reference: GHCB Spec, page 42
-- let value: u64 = 0x6;
-- let mut swei2_rw_gpa_arg = mshv_bindings::mshv_read_write_gpa {
-- base_gpa: ghcb_gpa + GHCB_SW_EXITINFO2_OFFSET,
-- byte_count: std::mem::size_of::() as u32,
-- ..Default::default()
-- };
-- swei2_rw_gpa_arg.data[0..8]
-- .copy_from_slice(&value.to_le_bytes());
-- self.fd
-- .gpa_write(&mut swei2_rw_gpa_arg)
-- .map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
-- }
- SVM_EXITCODE_IOIO_PROT => {
- let exit_info1 =
- info.__bindgen_anon_2.__bindgen_anon_1.sw_exit_info1 as u32;
-@@ -1096,7 +1078,62 @@ impl cpu::Vcpu for MshvVcpu {
- })?;
- }
- }
-- SVM_EXITCODE_SNP_GUEST_REQUEST => {
-+ SVM_EXITCODE_SNP_GUEST_REQUEST
-+ | SVM_EXITCODE_SNP_EXTENDED_GUEST_REQUEST => {
-+ if exit_code == SVM_EXITCODE_SNP_EXTENDED_GUEST_REQUEST {
-+ warn!("Fetching extended guest request is not supported");
-+ // We don't support extended guest request, so we just write empty data.
-+ // This matches the behavior of KVM in Linux 6.11.
-+
-+ // Read RAX & RBX from the GHCB.
-+ let mut rax_rw_gpa_arg: mshv_read_write_gpa =
-+ mshv_bindings::mshv_read_write_gpa {
-+ base_gpa: ghcb_gpa + GHCB_RAX_OFFSET,
-+ byte_count: std::mem::size_of::() as u32,
-+ ..Default::default()
-+ };
-+ self.fd.gpa_read(&mut rax_rw_gpa_arg).map_err(|e| {
-+ cpu::HypervisorCpuError::GpaRead(e.into())
-+ })?;
-+ let data_gpa = u64::from_le_bytes(
-+ <[u8; 8]>::try_from(&rax_rw_gpa_arg.data[..8]).unwrap(),
-+ );
-+ let mut rbx_rw_gpa_arg: mshv_read_write_gpa =
-+ mshv_bindings::mshv_read_write_gpa {
-+ base_gpa: ghcb_gpa + GHCB_RBX_OFFSET,
-+ byte_count: std::mem::size_of::() as u32,
-+ ..Default::default()
-+ };
-+ self.fd.gpa_read(&mut rbx_rw_gpa_arg).map_err(|e| {
-+ cpu::HypervisorCpuError::GpaRead(e.into())
-+ })?;
-+ let data_npages = u64::from_le_bytes(
-+ <[u8; 8]>::try_from(&rbx_rw_gpa_arg.data[..8]).unwrap(),
-+ );
-+
-+ if data_npages > 0 {
-+ // The certificates are terminated by 24 zero bytes.
-+ let mut certs_rw_gpa_arg =
-+ mshv_bindings::mshv_read_write_gpa {
-+ base_gpa: data_gpa,
-+ byte_count: 16,
-+ ..Default::default()
-+ };
-+ self.fd.gpa_write(&mut certs_rw_gpa_arg).map_err(
-+ |e| cpu::HypervisorCpuError::GpaWrite(e.into()),
-+ )?;
-+ let mut certs_rw_gpa_arg =
-+ mshv_bindings::mshv_read_write_gpa {
-+ base_gpa: data_gpa + 16,
-+ byte_count: 8,
-+ ..Default::default()
-+ };
-+ self.fd.gpa_write(&mut certs_rw_gpa_arg).map_err(
-+ |e| cpu::HypervisorCpuError::GpaWrite(e.into()),
-+ )?;
-+ }
-+ }
-+
- let req_gpa =
- info.__bindgen_anon_2.__bindgen_anon_1.sw_exit_info1;
- let rsp_gpa =
-diff --git a/hypervisor/src/mshv/snp_constants.rs b/hypervisor/src/mshv/snp_constants.rs
-index 307326dd..69b12364 100644
---- a/hypervisor/src/mshv/snp_constants.rs
-+++ b/hypervisor/src/mshv/snp_constants.rs
-@@ -20,5 +20,6 @@ pub const ECDSA_SIG_Y_COMPONENT_END: usize =
- // These constants are derived from GHCB spec Sect. 2.6 Table 3 GHCB Layout
- // Link: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf
- pub const GHCB_RAX_OFFSET: u64 = 0x01F8;
-+pub const GHCB_RBX_OFFSET: u64 = 0x0318;
- pub const GHCB_SW_EXITINFO1_OFFSET: u64 = 0x398;
- pub const GHCB_SW_EXITINFO2_OFFSET: u64 = 0x3A0;
---
-2.45.2
-
diff --git a/packages/by-name/microsoft/cloud-hypervisor/package.nix b/packages/by-name/microsoft/cloud-hypervisor/package.nix
index 6a836e6169..a87c0d50c6 100644
--- a/packages/by-name/microsoft/cloud-hypervisor/package.nix
+++ b/packages/by-name/microsoft/cloud-hypervisor/package.nix
@@ -15,34 +15,34 @@ rustPlatform.buildRustPackage rec { pname = "cloud-hypervisor"; - version = "38.0.72"; + version = "41.0.79"; src = fetchFromGitHub { owner = "microsoft"; repo = "cloud-hypervisor"; rev = "refs/tags/msft/v${version}"; - hash = "sha256-wGLRBMZUiGRphED0a+GvKPDyhZBtg6aYoyOlvRtmmEA="; + hash = "sha256-3uDPeZzdc69i0rCn3/Kac4gCp1ZTZKkbwlsocIifN4A="; }; cargoLock = { lockFile = "${src}/Cargo.lock"; outputHashes = { - "acpi_tables-0.1.0" = "sha256-syDq+db1hTne6QoP0vMGUv4tB0J9arQG2Ea2hHW1k3M="; - "micro_http-0.1.0" = "sha256-gyeOop6AMXEIbLXhJMN/oYGGU8Un8Y0nFZc9ucCa0y4="; - "mshv-bindings-0.1.1" = "sha256-vg4kStPBvHtXLuHMQzzpn4voDcVgruO+OqQ1yUCAi/U="; - "vfio-bindings-0.4.0" = "sha256-Dk4T2dMzPZ+Aoq1YSXX2z1Nky8zvyDl7b+A8NH57Hkc="; + "acpi_tables-0.1.0" = "sha256-a6ojB2XVeH+YzzXRle0agg+ljn0Jsgyaf6TJZAGt8sQ="; + "micro_http-0.1.0" = "sha256-yIgcoEfc7eeS1+bijzkifaBxVNHa71Y+Vn79owMaKvM="; + "vfio-bindings-0.4.0" = "sha256-uggHjJ64R+uwaUU/a+gApitKy+VBxly3gLaNcW4BjKk="; "vfio_user-0.1.0" = "sha256-LJ84k9pMkSAaWkuaUd+2LnPXnNgrP5LdbPOc1Yjz5xA="; - "vm-fdt-0.2.0" = "sha256-lKW4ZUraHomSDyxgNlD5qTaBTZqM0Fwhhh/08yhrjyE="; - "kvm-bindings-0.7.0" = "sha256-hXv5N3TTwGQaVxdQ/DTzLt+uwLxFnstJwNhxRD2K8TM="; - "igvm-0.1.0" = "sha256-l+Qyhdy3b8h8hPLHg5M0os8aSkjM55hAP5nqi0AGmjo="; - "versionize_derive-0.1.6" = "sha256-eI9fM8WnEBZvskPhU67IWeN6QAPg2u5EBT+AOxfb/fY="; + "mshv-bindings-0.3.0" = "sha256-IqmFB4nyENsfEPqiSYv52sL4LDiv+rCabTiIxE1MWZ0="; + "vm-fdt-0.3.0" = "sha256-9PywgSnSL+8gT6lcl9t6w7X4fEINa+db+H1vWS+gDOI="; }; }; - patches = [ - ./0001-snp-fix-panic-when-rejecting-extended-guest-report.patch - ./0002-hypervisor-mshv-implement-extended-guest-requests-wi.patch - ]; + # Allow compilation with Rust 1.83.0, which requires public methods in + # test modules to have documentation when the `missing_docs` lint is enabled. 
+ # Upstream issue: https://github.com/cloud-hypervisor/cloud-hypervisor/issues/6903 + postPatch = '' + substituteInPlace rate_limiter/src/lib.rs \ + --replace-fail '#![deny(missing_docs)]' "" + ''; separateDebugInfo = true;
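Review bot: Removing the `patches` list drops both locally carried SNP fixes, and nothing in `package.nix` records that the `msft/v${version}` tag for 41.0.79 already contains them; if it does not, the bump would presumably bring back the host-side panic in the mshv vCPU exit path that the deleted 0001 patch describes, along with the rejected extended guest requests that 0002 addressed. I would confirm both changes are present in the new tag and, once confirmed, leave a one-line comment where the list used to be, for example `# SNP extended-guest-request patches (formerly 0001/0002) are included upstream in this tag`. On the new `postPatch`, `--replace-fail` is a good choice because the build breaks as soon as upstream changes that line, but replacing `#![deny(missing_docs)]` with `#![warn(missing_docs)]` instead of an empty string would keep the lint visible in build logs.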